SafeDisc

Last updated
SafeDisc
Developer(s) Macrovision Corporation (1999–2007)
Trymedia (2008–2009)
Initial release1998;25 years ago (1998)
Final release
4.90.010 / 2 May 2008;15 years ago (2008-05-02)
Operating system Microsoft Windows
Platform x86
Available inEnglish
Type Copy protection

SafeDisc is a copy protection program for Microsoft Windows applications and games distributed on optical disc. Created by Macrovision Corporation, it was aimed to hinder unauthorized disc duplication. The program was first introduced in 1998 and was discontinued on March 31, 2009. [1]

Contents

Although the stated use is to prevent piracy, many, including the Electronic Frontier Foundation, believe it is used to restrict one's fair-use rights. [2] [3]

History

There have been several editions of SafeDisc over the years. Each one has the goals of making discs harder to copy. The current revision is marketed as SafeDisc Advanced.

The early versions of SafeDisc did not make the discs very difficult to copy. Recent versions 2.9+ could produce discs that are difficult to copy or reverse engineer, requiring specific burners capable of emulating the "weak sectors" and odd data formats that are characteristic of SafeDisc.

Withdrawal of support

Shortly after the release of Windows 10 in 2015, Microsoft announced that games with SafeDisc DRM would not run on the operating system, citing security concerns over the software due to the way in which it becomes "deeply embedded" in the system. Microsoft stated that supporting SafeDisc could have been a possible loophole for computer viruses to exploit. [4] [5] Support for SafeDisc on earlier versions of Windows was withdrawn upon the release of update number 3086255 in 2015. [6]

Circumvention

Previous versions of SafeDisc were overcome by disc image emulator software such as Daemon Tools and Alcohol 120%. SafeDisc currently blacklists such software, meaning that those who want to use this method must install additional software to cloak the mounter; examples include CureRom and Y.A.S.U.

Another potential attack on SafeDisc is to pull the encrypted application out of the archive it is contained in. All SafeDisc encrypted discs contain an ICD file, an encrypted format used by SafeDisc to ensure that the original CD is loaded. UnSafeDisc circumvents and decrypts SafeDisc encrypted files by opening the ICD file format, decrypting it, and converting it to an EXE file. However, each program requires a specific patch to enable full functionality.

Operation

SafeDisc adds a unique digital signature to the optical media at the time of replication. Each time a SafeDisc-protected program runs, the SafeDisc authenticator performs various security checks and verifies the SafeDisc signature on the optical media. The authentication process takes about 10 to 20 seconds. Once verification has been established, the sequence is complete and the program will start normally. The SafeDisc signature is designed to be difficult to copy or transfer from the original media. (For example, it might change as a result of error correction during the copying process.) Certain multimedia programs are designed to run from the PC's hard drive without accessing files from the program disc after the initial installation. SafeDisc will permit this as long as the consumer retains the original CD or DVD, which is required for authentication each time the program is launched. Failure to place the original disc in the drive when loading the program will prevent validation of the SafeDisc signature.

Version history

SafeDisc (V1) (1998–2001)

SafeDisk V1 protected CDs can be recognized by several files on the CD:

And also by the existence of two files game.EXE and game.ICD (where game is replaced with the actual game's name).

The EXE executable is only a loader which decrypts and loads the protected game executable in the encrypted ICD file.

The initial version of SafeDisc was easy for home users and professional duplicators alike to copy, due to the fact that the ICD file can be decrypted and converted into an EXE file.

SafeDisc (V2) (November 2000–2003)

The following files should exist on every original CD:

The loader file (game.EXE) is now integrated into the main executable, making the game.ICD file obsolete. Also the CLOKSPL.EXE file, which was present in SafeDisc v1, no longer exists.

The SD2 version can be found inside the game.EXE file through its string: BoG_ *90.0&!!  Yy>, followed by three unsigned longs, these are the version, subversion and revision numbers (in hex). When making a backup, read errors will be encountered between sectors 806–10663.

The protection also has "weak" sectors, introduced with this version, which causes synchronization problems with certain CD-Writers. Digital signatures are still present in this version. But this has no effect on disc images mounted in Daemon Tools or similar programs. In addition, SafeDisc Version 2.50 added ATIP detection making it impossible to use a copy in a burner unless software that masks this is used (CloneCD has the ability to do this. [7] ) SafeDisc Versions 2.90 and above make burning copies more difficult requiring burners that are capable of burning the "weak sectors"; these drives are uncommon. However, there are software solutions that eliminate the need for specialized hardware. [8]

SafeDisc (V3) (2003–2005)

SafeDisc v3 uses a key to encrypt the main executable (EXE or DLL) and creates a corresponding digital signature which is added to the CD-ROM/DVD-ROM when they are replicated. The size of the digital signature varies from 3 to 20 MB depending how good the encryption must be. The authentication process takes about 10 to 20 seconds.

SafeDisc v3 is capable of encrypting multiple executables over one or more CDs/DVDs, as long as the executables are encrypted with the same key and the digital signature is added to each media. SafeDisc v3 supports Virtual Drives as long as the original CD/DVD is available. Once the CD has been authenticated the game should continue to run from the virtual drive, provided the virtual drive software has not been blacklisted.

CloneCD is able to make fair use [ citation needed ] copies of V3. [9]

SafeDisc (V4) (2005–2008)

The final major SafeDisc version was Version 4, released in February 2005. It lost ground to SecuROM over time, with the final build being version 4.90.010 in May 2008, and with the product being discontinued on March 30, 2009.

SafeDisc driver vulnerabilities

On November 7, 2007, Microsoft stated that "there is vulnerability in Macrovision SECDRV.SYS driver [10] on Windows and it could allow elevation of privilege. This vulnerability was patched by Microsoft on December 11, 2007 [11] This vulnerability does not affect Windows Vista. The driver, secdrv.sys, is used by games which use Macrovision SafeDisc. Without the driver, games with SafeDisc protection would be unable to play on Windows". Ultimately, this would prove to be one of the factors that would lead to them to drop support for the program in 2015.

Related Research Articles

Software cracking is an act of removing copy protection from a software. Copy protection can be removed by applying a specific crack. A crack can mean any tool that enables breaking software protection, a stolen product key, or guessed password. Cracking software generally involves circumventing licensing and usage restrictions on commercial software by illegal methods. These methods can include modifying code directly through disassembling and bit editing, sharing stolen product keys, or developing software to generate activation keys. Examples of cracks are: applying a patch or by creating reverse-engineered serial number generators known as keygens, thus bypassing software registration and payments or converting a trial/demo version of the software into fully-functioning software without paying for it. Software cracking contributes to the rise of online piracy where pirated software is distributed to end-users through filesharing sites like BitTorrent, One click hosting (OCH), or via Usenet downloads, or by downloading bundles of the original software with cracks or keygens.

<span class="mw-page-title-main">Alcohol 120%</span> Optical disc authoring software

Alcohol 120% is a disk image emulator created by Alcohol Soft. It can create and mount disc images in the proprietary Media Descriptor File format. Images in this format consist of a pair of .mds and .mdf files. Alcohol 120% can also convert image files to the ISO format. Alcohol Soft has cited it will not be developing an image editor for Alcohol 120%.

<span class="mw-page-title-main">Copy Control</span>

Copy Control was the generic name of a copy prevention system, used from 2001 until 2006 on several digital audio disc releases by EMI Group and Sony BMG Music Entertainment in several regions. It should not be confused with the CopyControl computer software copy protection system introduced by Microcosm Ltd in 1989.

InCD is a packet writing software developed by Nero AG for Microsoft Windows.

SecuROM is a CD/DVD copy protection and digital rights management (DRM) system developed by Sony DADC. It aims to prevent unauthorised copying and reverse engineering of software, primarily commercial computer games running on Windows. The method of disc protection in later versions is data position measurement, which may be used in conjunction with online activation DRM. SecuROM gained prominence in the late 2000s but generated controversy because of its requirement for frequent online authentication and strict key activation limits. A 2008 class-action lawsuit was filed against Electronic Arts for its use of SecuROM in the video game Spore. Opponents, including the Electronic Frontier Foundation, believe that fair-use rights are restricted by DRM applications such as SecuROM.

<span class="mw-page-title-main">MediaMax CD-3</span>

MediaMax CD-3 is a software package created by SunnComm which was sold as a form of copy protection for compact discs. It was used by the record label RCA Records/BMG, and targets both Microsoft Windows and Mac OS X. Elected officials and computer security experts regard the software as a form of malware since its purpose is to intercept and inhibit normal computer operation without the user's authorization. MediaMax received media attention in late 2005 in fallout from the Sony XCP copy protection scandal.

<span class="mw-page-title-main">AnyDVD</span> DVD ripping software

AnyDVD is a device driver for Microsoft Windows which allows decryption of DVDs on the fly, as well as targeted removal of copy preventions and user operation prohibitions (UOPs). With an upgrade, it will also do the same for HD DVD and Blu-ray Disc. The AnyDVD program runs in the background, making discs unrestricted and region-free. In addition to removing digital restrictions, AnyDVD will also defeat Macrovision analog copy prevention. Analog prevention distorts the video signal to prevent high quality copying from the output. AnyDVD is also able to remove copy-prevention from audio CDs.

Dynamic-link library (DLL) is Microsoft's implementation of the shared library concept in the Microsoft Windows and OS/2 operating systems. These libraries usually have the file extension DLL, OCX, or DRV . The file formats for DLLs are the same as for Windows EXE files – that is, Portable Executable (PE) for 32-bit and 64-bit Windows, and New Executable (NE) for 16-bit Windows. As with EXEs, DLLs can contain code, data, and resources, in any combination.

<span class="mw-page-title-main">ImgBurn</span>

ImgBurn is an optical disc authoring program that allows the recording of many types of CD, DVD and Blu-ray images to recordable media. Starting with version 2.0.0.0, ImgBurn can also burn files and data directly to CD or DVD. It is written in C++. It supports padding DVD-Video files so the layer break occurs on a proper cell boundary.

The booting process of Windows NT is the process run to start Windows NT. The process has been changed between releases, with the biggest changes being made with Windows Vista. In versions before Vista, the booting process begins when the BIOS loads the Windows NT bootloader, NTLDR. Starting with Vista, the booting process begins with either the BIOS or UEFI load the Windows Boot Manager, which replaces NTLDR as the bootloader. Next, the bootloader starts the kernel, which starts the session manager, which begins the login process. Once the user is logged in, File Explorer, the graphical user interface used by Windows NT, is started.

The Microsoft Windows operating system supports a form of shared libraries known as "dynamic-link libraries", which are code libraries that can be used by multiple processes while only one copy is loaded into memory. This article provides an overview of the core libraries that are included with every modern Windows installation, on top of which most Windows applications are built.

There are a number of security and safety features new to Windows Vista, most of which are not available in any prior Microsoft Windows operating system release.

Tagès was a software copy protection system, jointly developed, at first, by MPO and the Thales Group starting in 1999. Its method of protection has since been described as twin sectors.

<span class="mw-page-title-main">Architecture of Windows 9x</span>

The Windows 9x series of operating systems refers to the kernel which lies at the heart of Windows 9x. Its architecture is monolithic.

<span class="mw-page-title-main">Daemon Tools</span> Software for virtual drives

DAEMON Tools is a virtual drive and optical disc authoring program for Microsoft Windows and Mac OS.

Sality is the classification for a family of malicious software (malware), which infects Microsoft Windows systems files. Sality was first discovered in 2003 and has advanced to become a dynamic, enduring and full-featured form of malicious code. Systems infected with Sality may communicate over a peer-to-peer (P2P) network to form a botnet to relay spam, proxying of communications, exfiltrating sensitive data, compromising web servers and/or coordinating distributed computing tasks to process intensive tasks. Since 2010, certain variants of Sality have also incorporated rootkit functions as part of an ongoing evolution of the malware family. Because of its continued development and capabilities, Sality is considered one of the most complex and formidable forms of malware to date.

Win32/Patched is a computer Trojan targeting the Microsoft Windows operating system that was first detected in October 2008. Files detected as "Trojan.Win32.Patched" are usually Windows components that are patched by a malicious application. The purpose of patching varies. For example, certain malware patches system components in order to disable security, such as the Windows Safe File Check feature. Other malware can add parts of its code to a system component and then patch certain functions of the original file to point to an appended code.

<span class="mw-page-title-main">Fakesysdef</span> Trojan targeting the Microsoft Windows operating system

Trojan:Win32/FakeSysdef, originally dispersed as an application called "HDD Defragmenter" hence the name "FakeSysdef" or "Fake System Defragmenter", is a Trojan targeting the Microsoft Windows operating system that was first documented in late 2010.

References

  1. "SafeDisc End-of-Life Notice – Trymedia – Wayback Machine". 2018-07-26. Archived from the original on 2009-02-19.
  2. Electronic Frontier Foundation's website's DRM section
  3. Commentary by Fred Lohmann of the EFF, "So this is just another example of the way in which the MPAA companies use DRM not to stop piracy...but rather to control those who make devices that play movies." (emphasis added)
  4. Walton, Mark (2015-08-18). "Windows 10 won't run games with SecuROM DRM, says Microsoft". Ars Technica. Retrieved 2019-01-15.
  5. Copeland, Wesley (2015-08-19). "Windows 10 won't run games with SafeDisk, SecuROM DRM". IGN. Retrieved 2019-01-15.
  6. "MS15-097: Description of the security update for the graphics component in Windows: September 8, 2015". Microsoft Support. Retrieved 26 September 2019.
  7. Clone CD Change log
  8. CloneCD product web page
  9. Clone CD Change log
  10. Vulnerability in Macrovision SECDRV.SYS Driver on Windows Could Allow Elevation of Privilege
  11. Vulnerability in Macrovision Driver Could Allow Local Privilege escalation (944653)
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.